Changed expressions to explicitly list policies in 'public' call

Author: Bertrand Dunogier

…ssionLanguage/HasAdminAccessFunction.php …onLanguage/Access/BaseAccessFunction.phpGraphQL/ExpressionLanguage/HasAdminAccessFunction.php renamed to GraphQL/ExpressionLanguage/Access/BaseAccessFunction.php GraphQL/ExpressionLanguage/HasAdminAccessFunction.php renamed to GraphQL/ExpressionLanguage/Access/BaseAccessFunction.php

@@ -1,21 +1,11 @@
 <?php
-namespace BD\EzPlatformGraphQLBundle\GraphQL\ExpressionLanguage;
+namespace BD\EzPlatformGraphQLBundle\GraphQL\ExpressionLanguage\Access;
 
 use Overblog\GraphQLBundle\ExpressionLanguage\ExpressionFunction;
 
-class HasAdminAccessFunction extends ExpressionFunction
+abstract class BaseAccessFunction extends ExpressionFunction
 {
-    public function __construct()
-    {
-        parent::__construct(
-            'hasAdminAccess',
-            function () {
-                return $this->buildHasAccessCode(["section/view", "class/create", "role/read"]);
-            }
-        );
-    }
-
-    private function buildHasAccessCode(array $policies)
+    protected function buildHasAccessCode(array $policies)
     {
         $checks = array_map(
             function($policy) {
@@ -34,4 +24,5 @@ function($policy) {
   return %s;
 })()', implode('||', $checks));
     }
+
 }

GraphQL/ExpressionLanguage/Access/HasAdminAccessFunction.php

@@ -0,0 +1,15 @@
+<?php
+namespace BD\EzPlatformGraphQLBundle\GraphQL\ExpressionLanguage\Access;
+
+class HasAdminAccessFunction extends BaseAccessFunction
+{
+    public function __construct()
+    {
+        parent::__construct(
+            'hasAdminAccess',
+            function () {
+                return $this->buildHasAccessCode(["section/view", "class/create", "role/read"]);
+            }
+        );
+    }
+}

GraphQL/ExpressionLanguage/Access/HasEzAccessToOneOfFunction.php

@@ -0,0 +1,26 @@
+<?php
+namespace BD\EzPlatformGraphQLBundle\GraphQL\ExpressionLanguage\Access;
+
+/**
+ * Expression language function that checks if the current user has access to at least one
+ * of the given policies, with or without limitations.
+ */
+class HasEzAccessToOneOfFunction extends BaseAccessFunction
+{
+    public function __construct()
+    {
+        parent::__construct(
+            'hasEzAccessToOneOf',
+            function () {
+                return $this->buildHasAccessCode(
+                    array_map(
+                        function($value) {
+                            return str_replace('"', '', $value);
+                        },
+                        func_get_args()
+                    )
+                );
+            }
+        );
+    }
+}

Resources/config/graphql/Platform.types.yml

@@ -6,5 +6,4 @@ Platform:
                 type: Repository
                 resolve: { }
                 description: "eZ Platform repository API"
-                public: '@=hasAdminAccess()'
-                public: '@=hasAdminAccess()'
+                public: "@=hasEzAccessToOneOf('section/view', 'class/create', 'role/read')"

Resources/config/services.yml

@@ -23,5 +23,8 @@ services:
 
     BD\EzPlatformGraphQLBundle\GraphQL\InputMapper\SearchQueryMapper: ~
 
-    BD\EzPlatformGraphQLBundle\GraphQL\ExpressionLanguage\HasAdminAccessFunction:
+    BD\EzPlatformGraphQLBundle\GraphQL\ExpressionLanguage\Access\HasAdminAccessFunction:
+        tags: ['overblog_graphql.expression_function']
+
+    BD\EzPlatformGraphQLBundle\GraphQL\ExpressionLanguage\Access\HasEzAccessToOneOfFunction:
         tags: ['overblog_graphql.expression_function']